research-article

Teaching Android Mobile Security

Authors:

Jean-François Lalande,

Valérie Viet Triem Tong,

Guillaume Hiet,

Wojciech Mazurczyk,

Pascal BerthoméAuthors Info & Claims

SIGCSE '19: Proceedings of the 50th ACM Technical Symposium on Computer Science Education

Pages 232 - 238

https://doi.org/10.1145/3287324.3287406

Published: 22 February 2019 Publication History

Abstract

At present, computer science studies generally offer courses addressing mobile development and they use mobile technologies for illustrating theoretical concepts such as operating system, design patterns, and compilation because Android and iOS use a large variety of technologies for developing applications. Teaching courses on security is also becoming an important concern for academics, and the use of mobile platforms (such as Android) as supporting material is becoming a reasonable option. In this paper, we intend to bridge a gap in the literature by reversing this paradigm: Android is not only an opportunity to learn security concepts but requires strong pedagogical efforts for covering all the aspects of mobile security. Thus, we propose teaching Android mobile security through a two-dimensional approach. The first dimension addresses the cognitive process of the Bloom taxonomy, and the second dimension addresses the technical layers of the architecture of the Android operating system. We describe a set of comprehensive security laboratory courses covering various concepts, ranging from the application development perspective to a deep investigation of the Android Open Source Project and its interaction with the Linux kernel. We evaluated this approach, and our results verify that the designed security labs impart the required knowledge to the students.

References

[1]

Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, and Christian Stransky. 2016. You Get Where You're Looking for: The Impact of Information Sources on Code Security. In IEEE Symposium on Security and Privacy. IEEE Computer Society, 289--305.

[2]

Jeremy Andrus and Jason Nieh. 2012. Teaching operating systems using android. In 43rd ACM technical symposium on Computer Science Education. ACM Press, Raleigh, North Carolina, USA, 613--618.

Digital Library

[3]

Dimitris Apostolopoulos and Giannis Marinakis. 2013. Discovering authentication credentials in volatile memory of Android mobile devices. In 12th IFIP Conference on e-Business, e-Services, e-Society. Athens, Greece, 178--185.

[4]

Muhammad Rizwan Asghar and Andrew Luxton-Reilly. 2018. Teaching Cyber Security Using Competitive Software Obfuscation and Reverse Engineering Activities. In 49th ACM Technical Symposium on Computer Science Education - SIGCSE '18. ACM Press, Baltimore, MD, USA, 179--184.

Digital Library

[5]

Jennifer Campbell and Anya Tafliovich. 2015. An Experience Report: Using Mobile Development To Teach Software Design. In 46th ACM Technical Symposium on Computer Science Education - SIGCSE '15 . ACM Press, Kansas City, MO, USA, 506--511.

Digital Library

[6]

Nikolay Elenkov. 2014. Android Security Internals: An In-Depth Guide to Android's Security Architecture. No Starch Press.

Digital Library

[7]

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In 9th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, Vancouver, BC, Canada, 393--407.

Digital Library

[8]

Andrey Esakia, Shuo Niu, and D. Scott McCrickard. 2015. Augmenting Undergraduate Computer Science Education With Programmable Smartwatches. In 46th ACM Technical Symposium on Computer Science Education - SIGCSE '15 . ACM Press, Kansas City, MO, USA, 66--71.

Digital Library

[9]

Sheran Gunasekera. 2012. Android Apps Security. Apress.

Digital Library

[10]

Minzhe Guo, Prabir Bhattacharya, Ming Yang, Kai Qian, and Li Yang. 2013. Learning mobile security with android security labware. In 44th ACM technical symposium on Computer science education - SIGCSE '15. ACM Press, Kansas City, MO, USA, 675--680.

Digital Library

[11]

Christian Hilgers, Holger Macht, Tilo Muller, and Michael Spreitzenbarth. 2014. Post-Mortem Memory Analysis of Cold-Booted Android Devices. In 2014 Eighth International Conference on IT Security Incident Management & IT Forensics . IEEE Computer Society, Munster, Germany, 62--75.

Digital Library

[12]

David R Krathwohl. 2002. A Revision of Bloom's Taxonomy: An Overview . Theory Into Practice, Vol. 41, 4 (2002), 212--218.

[13]

Jonathan Levin. 2015. Android Internals: A Confectioner's Cookbook.

[14]

Claudio Marforio, Hubert Ritzdorf, Auré lien Francillon, and Srdjan Capkun. 2012. Analysis of the communication between colluding applications on modern smartphones. In 28th Annual Computer Security Applications Conference. ACM Press, Orlando, Florida, USA, 51--60.

Digital Library

[15]

Matthew Neis, Vincent Cefalu, and Ankur Chattopadhyay. 2018. Developing a Unique Android App-driven Nifty Middle-School Educational Module on Mobile Security for Driving Basic Information Security Awareness and Generating Interests in Cybersecurity . In 49th ACM Technical Symposium on Computer Science Education - SIGCSE '18. ACM Press, Baltimore, MD, USA, 1081--1081.

Digital Library

[16]

Christoforos Ntantogian, Dimitris Apostolopoulos, Giannis Marinakis, and Christos Xenakis. 2014. Evaluating the privacy of Android mobile applications under forensic analysis . Computers & Security, Vol. 42 (may 2014), 66--76.

[17]

Or Peles and Roee Hay. 2015. One Class to Rule Them All: 0-Day Deserialization Vulnerabilities in Android. In 9th USENIX Workshop on Offensive Technologies. Washington, WA, USA, 1--12.

Digital Library

[18]

Michael Sonntag. 2013. Learning security through insecurity. In 2nd International Conference on E-Learning and E-Technologies in Education. Lodz, Poland, 143--148.

[19]

Pasquale Stirparo, Igor Nai Fovino, and Ioannis Kounelis. 2013. Data-in-use leakages from Android memory - Test and analysis. In 9th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications . 718--725.

[20]

Kelvin Sung and Arjmand Samuel. 2014. Mobile application development classes for the mobile era. In 2014 conference on Innovation & technology in computer science education. ACM Press, Uppsala, Sweden, 141--146.

Digital Library

[21]

Seyitriza Tigrek and Mohammad Obadat. 2012. Teaching smartphones programming using (Android Java): Pedagogy and innovation. In 2012 International Conference on Information Technology Based Higher Education and Training. IEEE Computer Society, 1--7.

[22]

Zouheir Trabelsi, Mohammed Al Matrooshi, and Saeed Al Bairaq. 2016. A Smartphone App for Enhancing Students' Hands-on Learning on Network and DoS Attacks Traffic Generation. In 17th Annual Conference on Information Technology Education. ACM Press, Boston, MS, USA, 48--53.

Digital Library

[23]

Zouheir Trabelsi, Mohammed Al Matrooshi, Saeed Al Bairaq, Walid Ibrahim, and Mohammad M. Masud. 2017. Android based mobile apps for information security hands-on education . Education and Information Technologies, Vol. 22, 1 (jan 2017), 125--144.

Digital Library

[24]

Marcin Urbanski, Wojciech Mazurczyk, Jean-Francois Lalande, and Luca Caviglione. 2017. Detecting Local Covert Channels Using Process Activity Correlation on Android Smartphones. International Journal of Computer Systems Science and Engineering, Vol. 32, 2 (March 2017).

[25]

Xiaohong Yuan, Kenneth Williams, Scott McCrickard, Charles Hardnett, Litany H. Lineberry, Kelvin Bryant, Jinsheng Xu, Albert Esterline, Anyi Liu, Selvarajah Mohanarajah, and Rachel Rutledge. 2016. Teaching mobile computing and mobile security . In IEEE Frontiers in Education Conference . IEEE Computer Society, Erie, PA, USA, 1--6.

[26]

Karim Yaghmour. {n. d.}. Embedded Android: Porting, Extending, and Customizing. O'Reilly Media, Inc.

Digital Library

Cited By

Nelson CShoshitaishvili YStephenson BStone JBattestilli LRebelsky SShoop L(2024)PWN The Learning Curve: Education-First CTF ChallengesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630912(937-943)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630912
Poe TChattopadhyay A(2024)Effecting mobile security awareness and interest in cybersecurity using the CovertEyeOp mobile app driven user hack based learning approachEducation and Information Technologies10.1007/s10639-023-12266-729:10(12527-12568)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1007/s10639-023-12266-7
Soll M(2023)What Exactly is a Laboratory in Computer Science?2023 IEEE Global Engineering Education Conference (EDUCON)10.1109/EDUCON54358.2023.10125259(1-9)Online publication date: 1-May-2023
https://doi.org/10.1109/EDUCON54358.2023.10125259
Show More Cited By

Index Terms

Teaching Android Mobile Security
1. Applied computing
  1. Education
2. Security and privacy
  1. Software and application security
    1. Software reverse engineering
    2. Software security engineering
  2. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

Security implications of Android: a closed system, open software mobile platform
SPSM '11: Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

Smartphones blur the boundaries between the traditional feature phone and a general purpose computer such as a laptop. The Android OS, from Google, was created to be an open alternative to fully closed platforms such as Apple's iOS or Microsoft's ...
Enhancing security enforcement on unmodified Android
SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied Computing

Android OS have several security vulnerabilities. Most of existing proposals require extensive modification of Android kernel or application framework. So, they are not feasible for end users which use stock Android OS. In this paper, we present a novel ...
Understanding Android Security

Google's Android platform is a widely anticipated open source operating system for mobile phones. This article describes Android's security model and attempts to unmask the complexity of secure application development. The authors conclude by ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCSE '19: Proceedings of the 50th ACM Technical Symposium on Computer Science Education

February 2019

1364 pages

ISBN:9781450358903

DOI:10.1145/3287324

General Chairs:
Elizabeth K. Hawthorne
Union County College, USA
,
Manuel A. Pérez-Quiñones
University of North Carolina at Charlotte, USA
,
Program Chairs:
Sarah Heckman
North Carolina State University, USA
,
Jian Zhang
Texas Woman's University, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCSE: ACM Special Interest Group on Computer Science Education

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCSE '19

Sponsor:

SIGCSE

SIGCSE '19: The 50th ACM Technical Symposium on Computer Science Education

February 27 - March 2, 2019

MN, Minneapolis, USA

Acceptance Rates

SIGCSE '19 Paper Acceptance Rate 169 of 526 submissions, 32%;

Overall Acceptance Rate 1,595 of 4,542 submissions, 35%

Upcoming Conference

SIGCSE Virtual 2024

Sponsor:
sigcse

1st ACM Virtual Global Computing Education Conference

December 5 - 8, 2024

Virtual Event , NC , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
526
Total Downloads

Downloads (Last 12 months)38
Downloads (Last 6 weeks)4

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Nelson CShoshitaishvili YStephenson BStone JBattestilli LRebelsky SShoop L(2024)PWN The Learning Curve: Education-First CTF ChallengesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630912(937-943)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630912
Poe TChattopadhyay A(2024)Effecting mobile security awareness and interest in cybersecurity using the CovertEyeOp mobile app driven user hack based learning approachEducation and Information Technologies10.1007/s10639-023-12266-729:10(12527-12568)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1007/s10639-023-12266-7
Soll M(2023)What Exactly is a Laboratory in Computer Science?2023 IEEE Global Engineering Education Conference (EDUCON)10.1109/EDUCON54358.2023.10125259(1-9)Online publication date: 1-May-2023
https://doi.org/10.1109/EDUCON54358.2023.10125259
Soll MHelmken HBelde MSchimpfhauser SNguyen FVersick D(2023)Building an IT Security Laboratory for Complex Teaching Scenarios Using ‘Infrastructure as Code’2023 IEEE Global Engineering Education Conference (EDUCON)10.1109/EDUCON54358.2023.10125250(1-8)Online publication date: 1-May-2023
https://doi.org/10.1109/EDUCON54358.2023.10125250
Chattopadhyay APoe TNguyen HTsegaye AMoua L(2022)Covert Eye Op App: An Offense Based Learning Approach Towards Developing Mobile Security Awareness and Interest in CybersecurityProceedings of the 23rd Annual Conference on Information Technology Education10.1145/3537674.3554741(29-36)Online publication date: 21-Sep-2022
https://dl.acm.org/doi/10.1145/3537674.3554741
Kaur PGeeta Sharma V(2022)Analysis of Secure Locking Techniques on Smart Phones2022 5th International Conference on Contemporary Computing and Informatics (IC3I)10.1109/IC3I56241.2022.10073370(1807-1811)Online publication date: 14-Dec-2022
https://doi.org/10.1109/IC3I56241.2022.10073370
Ashawa MMorris S(2021)Android Permission Classifier: a deep learning algorithmic framework based on protection and threat levelsSECURITY AND PRIVACY10.1002/spy2.1644:5Online publication date: 5-May-2021
https://doi.org/10.1002/spy2.164
Perugini S(2020)Revitalizing the Linux programming course with GoJournal of Computing Sciences in Colleges10.5555/3381613.338162035:5(61-69)Online publication date: 30-Jan-2020
https://dl.acm.org/doi/10.5555/3381613.3381620
Zheng YKhazanchi DSiy HGrispos GKwaku Setor T(2020)SIGITE and SIGCSE SymposiumsProceedings of the 21st Annual Conference on Information Technology Education10.1145/3368308.3415400(132-137)Online publication date: 7-Oct-2020
https://dl.acm.org/doi/10.1145/3368308.3415400
Podila LBandreddi JCampos JNiyaz QYang XTrekles ACzerniak CJavaid A(2020)Practice-Oriented Smartphone Security Exercises for Developing Cybersecurity Mindset in High School Students2020 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE)10.1109/TALE48869.2020.9368440(303-310)Online publication date: 8-Dec-2020
https://doi.org/10.1109/TALE48869.2020.9368440

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents